JSON character escaping function in classic ASP

If you are into advanced AJAX techniques you probably will stumble across JSON (www.json.org) which makes developing (and therefore the life) a lot easier when working with AJAX. If you already stumbled across and you use JSON within classic ASP you might find this article useful. It deals with escaping characters for JSON acording to the RFC4627#2.5

I haven’t found any snippet out there for classic ASP so we had to write our own. And so my work colleague — an old algorithm guru — just came up with this function which covers all the requirements specified in the JSON RFC.

What we want to achieve…

    <script>
      alert({foo:"<%= "some va""lue" %>"}.foo);
    </script>

The code snippet above will result in a javascript error because we are passing an apostrophe from ASP to Javascript which leads to an early closing of the string: foo:»some va»lue» (there is one apostrophe too much). The same thing happens for other characters as well. If you have line breaks, german umlaute, hidden special characters, etc. All those need to be escaped now in order that the javascript simple object notation (JSON) can interpret it. Thats the function which does the escaping (there are 3 more functions cause they’re used within the escapeJSON()):

    '******************************************************************************************
    '' @SDESCRIPTION:   takes a given string and makes it JSON valid (http://json.org/)
    '' @AUTHOR: Michael Rebec
    '' @DESCRIPTION:    all characters which needs to be escaped are beeing replaced by their
    ''          unicode representation according to the
    ''          RFC4627#2.5 - http://www.ietf.org/rfc/rfc4627.txt?number=4627
    '' @PARAM:      val [string]: value which should be escaped
    '' @RETURN:   [string] JSON valid string
    '******************************************************************************************
    public function escapeJSON(val)
        cDoubleQuote = &h22
        cRevSolidus = &h5C
        cSolidus = &h2F
       
        for i = 1 to (len(val))
            currentDigit = mid(val, i, 1)
            if asc(currentDigit)> &h00 and asc(currentDigit) <&h1F then
                currentDigit = escapeJSONSquence(currentDigit)
            elseif asc(currentDigit)>= &hC280 and asc(currentDigit) <= &hC2BF then
                currentDigit = "\u00" + right(padLeft(hex(asc(currentDigit) - &hC200), 2, 0), 2)
            elseif asc(currentDigit)>= &hC380 and asc(currentDigit) <= &hC3BF then
                currentDigit = "\u00" + right(padLeft(hex(asc(currentDigit) - &hC2C0), 2, 0), 2)
            else
                select case asc(currentDigit)
                    case cDoubleQuote: currentDigit = escapeJSONSquence(currentDigit)
                    case cRevSolidus: currentDigit = escapeJSONSquence(currentDigit)
                    case cSolidus: currentDigit = escapeJSONSquence(currentDigit)
                end select
            end if
            escapeJSON = escapeJSON & currentDigit
        next
    end function
     
    function escapeJSONSquence(digit)
        escapeJSONSquence = "\u00" + right(padLeft(hex(asc(digit)), 2, 0), 2)
    end function 
     
    function padLeft(value, totalLength, paddingChar)
        padLeft = right(clone(paddingChar, totalLength) & value, totalLength)
    end function
     
    public function clone(byVal str, n)
        for i = 1 to n : clone = clone & str : next
    end function
&#91;/vb&#93;

So now we should be able to escape the strings for JSON like this and no error should occur...

&#91;vb&#93;
    <script>
      alert({foo:"<%= escapeJSON("some va""lue") %>"}.foo);
    </script>

This stuff has been tested and works for all characters so everything can be transfered with JSON now ;) I would suggest to group the whole functions into a class called JSON with a method escape() just for a nicer use. In my case its in a utility class StringOperations where I have several string manipulation methods.

If you are interested you can download the full String class also which include the JSON escaping method:

ASP Class String Operations: Download

Comments are closed.